Heimadal Security

JULY 27, 2021

Industry analysts have recently disclosed that many of the data breaches that make the headlines are the result of the exploitation of cloud misconfiguration mistakes, sometimes with devastating consequences. The post 36% of Organizations Experienced Cloud Misconfigurations in the Past Year appeared first on Heimdal Security Blog.

Data breaches 98

Data breaches Cybersecurity 98

Heimadal Security

MAY 15, 2023

A database misconfiguration in its cloud environment leads to exposing of the car-location data of 2,150,000 customers. Details from the Data Breach Notice The misconfiguration allowed unauthorized people to access the database without needing a password.

Data breaches 83

Data breaches Passwords Cybersecurity 83

Security Boulevard

MARCH 26, 2024

Nearly 90% of organizations have a multi-cloud environment today. Too often operations teams lack the oversight they need in real-time to make sure that asset and workload activity across multi-clouds is okay or respond if it is due to misconfiguration or compromise.

59

59

Thales Cloud Protection & Licensing

NOVEMBER 15, 2021

How encryption can help address Cloud misconfiguration. Cloud service providers (CSPs) try to make it simple and easy for their users to comply with data privacy regulations and mandates. Ars Technica reports: Misconfiguration in the Jupyter feature opens up a privilege escalation exploit. Tue, 11/16/2021 - 06:15.

Encryption 143

Encryption Data privacy Technology Marketing 143

Heimadal Security

DECEMBER 7, 2021

A new report shows how cloud misconfiguration could lead to critical data exposure of an organization. Researchers revealed that misconfigured Kafdrop instances, Kafdrop being the Apache Kafkas’s management interface, led to the exposure of sensitive cloud data related to many big companies worldwide.

Cybersecurity 81

Cybersecurity 81

Security Boulevard

JUNE 2, 2023

Using Cloud Securely — The Config Doom Question First, “Use Cloud Securely? and “How to Solve the Mystery of Cloud Defense in Depth?” (and and “Where Does Shared Responsibility Model for Security Breaks in the Real World?” Use Cloud Securely? What Does This Even Mean?!” SO WHY DON’T THEY?

Cloud Migration 64

Cloud Migration Data breaches Social Engineering CISO 64

Security Boulevard

FEBRUARY 7, 2024

This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our seventh Threat Horizons Report ( full version ) that we just released ( the official blog for #1 report , my unofficial blogs for #2 , #3 , #4 , #5 , #6 , #7 and #8 ).

Cybersecurity 69

Cybersecurity Ransomware Passwords Cryptocurrency 69

SC Magazine

MAY 11, 2021

Visitors arrive at the cloud pavilion of Amazon Web Services at the 2016 CeBIT digital technology trade fair in Hanover, Germany. AWS System Manager (SSM) misconfigurations led to the potential exposure of more than 5 million documents with personally identifiable information and credit card transactions on more than 3,000 SSM documents.

Backups 140

Backups Social Engineering Encryption Media 140

Centraleyes

FEBRUARY 25, 2024

In the digital era, cloud computing has become synonymous with agility and scalability for businesses and individuals. However, critical security risks and threats inherent in cloud environments come alongside the myriad benefits. Who’s Responsible for Security in the Cloud?

Risk 52

Risk Encryption Social Engineering Authentication 52

Security Boulevard

MARCH 23, 2023

On March 14, 2023, security expert, Nicolau Lawand, led a session discussing how Solvo helps organizations identify and mitigate cloud misconfigurations and vulnerabilities by providing contextual visibility into applications, user behavior, cloud infrastructure resources, and associated data.

64

64

Security Boulevard

JUNE 30, 2023

In Radware’s Cloud WAF solution, your application is protected from a virus violation, including other infractions like remote file inclusions, SQL injections, security misconfiguration, sensitive data exposure, broken access control, cross-site scripting XSS, and more.

Cybersecurity 59

Cybersecurity 59

eSecurity Planet

DECEMBER 1, 2022

The Wiz Research Team recently discovered a supply chain vulnerability in IBM Cloud that they say is the first to impact a cloud provider’s infrastructure. The security issues were reported to IBM Cloud in late August, and were patched in early September. Network Access to IBM Cloud Build Servers.

Software 135

Software Authentication Passwords Accountability 135

Krebs on Security

AUGUST 2, 2019

What follows is based on interviews with almost a dozen security experts, including one who is privy to details about the ongoing breach investigation. The misconfiguration of the WAF allowed the intruder to trick the firewall into relaying requests to a key back-end resource on the AWS platform.

Hacking 235

Hacking Firewall Data breaches Software 235

Security Boulevard

APRIL 13, 2023

This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our sixth Threat Horizons Report ( full version ) that we just released ( the official blog for #1 report , my unofficial blogs for #2 , #3 , #4 and #5 ). You can have fun in the cloud!

Cybersecurity 110

Cybersecurity Passwords Accountability Ransomware 110

Security Boulevard

MARCH 18, 2022

Cyber Attackers Tap Cloud Native Technologies in Russia-Ukraine War. As part of our research efforts, we regularly deploy honeypots, i.e., misconfigured cloud native applications based on Docker and Kubernetes or other widely used applications such as databases,” according to Aqua. brooke.crothers. Fri, 03/18/2022 - 16:58.

Cyber Attacks 138

Cyber Attacks Technology Digital transformation DNS 138

eSecurity Planet

AUGUST 5, 2021

Two of the largest government security agencies are laying out the key cyberthreats to Kubernetes, the popular platform for orchestrating and managing containers, and ways to harden the open-source tool against attacks. ” Further reading: Top Container Security Solutions for 2021. ” Containers, Kubernetes Take Over.

Risk 109

Risk Encryption Cybersecurity Engineering 109

Security Boulevard

DECEMBER 22, 2022

The breach, which occurred due to a misconfigured AWS cloud resource, resulted in the exposure of customer names, passwords, and partial credit card numbers. Continue reading "Cloud Security Risk for Retail Companies: Why Ignoring Best Practices Could be Costly – The Redmart Story". According to an article, the Redmart ….

Retail 69

Retail Risk Data breaches Passwords 69

Security Boulevard

DECEMBER 28, 2022

As the year is coming to an end, I can’t help but take a walk down memory lane to reminisce and reflect on the journey of the cloud threat landscape. Here’s my take on this 2022 recap of cloud threats. Particularly the cloud threat landscape, it truly feels like the massive potholes in front of my home.

Social Engineering 83

Social Engineering Software Engineering Risk 83

eSecurity Planet

NOVEMBER 17, 2022

Public-facing cloud storage buckets are a data privacy nightmare, according to a study released today. “And in the shared responsibility model, keeping this data secure is the responsibility of the organization that owns the buckets in which the data resides.” ” Also read: Cloud Bucket Vulnerability Management.

Data privacy 143

Data privacy Risk Marketing Passwords 143

SC Magazine

MAY 20, 2021

Researchers on Thursday reported that in analyzing Android apps on open databases they discovered serious cloud misconfigurations that led to the potential exposure of data belonging to more than 100 million users. <> on March 2, 2010 in Hannover, Germany.

Mobile 71

Mobile Identity Theft Encryption Risk 71

eSecurity Planet

APRIL 24, 2023

Aqua Security’s cloud security research team recently found thousands of registries and artifact repositories exposed online, revealing more than 250 million artifacts and over 65,000 container images. “However, this should never come at the expense of security.”

Software 97

Software Data Analyst Passwords Risk 97

McAfee

NOVEMBER 14, 2021

In this blog, we take a deeper dive into cloud security topics from these predictions focusing on the targeting of API services and apps exploitation of containers in 2022. Dynamic web-based productivity suites – Global cloud-based office productivity software market is expected to reach $50.7 billion by 2026.

IoT 102

IoT Risk Marketing Software 102

Security Affairs

NOVEMBER 12, 2021

We want to provide a summary of what was discussed, and share the full extent of ChaosDB, the impact it had, and the questions it raises about security in managed cloud services. According to our assessment, this is the first time a vulnerability of this order of magnitude has ever been disclosed to any cloud service provider.

Accountability 124

Accountability Authentication Internet Internet 124

NetSpi Executives

SEPTEMBER 26, 2023

As businesses continue to embrace the cloud, the spotlight falls on safeguarding their growing digital environment. At Black Hat, NetSPI VP of Research Karl Fosaaen sat down with the host of the Cloud Security Podcast Ashish Rajan to discuss all things Azure penetration testing. Is cloud pentesting just configuration review?

Penetration Testing 59

Penetration Testing Cyber threats Internet Internet 59

Security Boulevard

DECEMBER 9, 2022

Container Security and Cloud Native Best Practices. This makes the base image the most important one to secure. . There are different types of containers (Docker, Kubernetes, AWS, and Microsoft Azure), and below you’ll read more about their specific best practices of container security. . Alexa Cardenas. Network traffic.

Architecture 69

Architecture Risk Accountability Software 69

Thales Cloud Protection & Licensing

APRIL 16, 2018

The past year has seen a number of high profile security breaches tied to leaky storage servers. Specifically, the leakage of sensitive files connected to misconfigured security protocols on Amazon Simple Storage Service (S3) buckets.

Encryption 91

Encryption Big data Backups Threat Reports 91

Thales Cloud Protection & Licensing

OCTOBER 10, 2019

theme will help to encourage personal accountability and proactive behavior in digital privacy, security best practices, common cyber threats and cybersecurity careers. As part of their digital transformation process, more and more businesses are moving to the cloud. Let us examine the typical cloud provider model. Protect IT.’

Cloud Migration 115

Cloud Migration Encryption Digital transformation Firewall 115

McAfee

APRIL 14, 2020

Today cloud adoption is considered mainstream, with 83% of enterprise workloads expected to in the cloud by 2020. As more organizations move their workloads to the cloud and to remote work from home environments, security must also evolve to meet the challenges of this new normal. Key Customer Challenges.

Insurance 64

Insurance Software Healthcare Firewall 64

Pen Test

OCTOBER 24, 2023

Nowadays, with the evolution of technology, many companies are starting their journey as a cloud native company. A cloud strategy is a concise viewpoint on the role of cloud computing in the organization. Assuming It’s an IT (Only) Strategy Cloud computing isn’t only about technology. Let's talk about all of them.

Artificial Intelligence 52

Artificial Intelligence Marketing Technology Risk 52

Security Affairs

APRIL 17, 2023

These include credentials for email providers, cloud service providers (AWS), server management systems, databases and payment systems – such as Stripe and PayPal. “From these targeted servers, the tool uses a number of RegEx patterns to extract credentials for various web services. ” reads the analysis published by Cado Labs.

Mobile 93

Mobile Hacking Malware Accountability 93

Security Affairs

APRIL 20, 2023

A misconfiguration of the bank systems exposed millions of records with sensitive data. In 2022, the ICICI Bank’s resources were named a “critical information infrastructure” by the Indian government – any harm to it can impact national security. million files belonging to ICICI Bank.

Banking 98

Banking Identity Theft Accountability Phishing 98

Security Affairs

MAY 16, 2023

The Cybernews research team discovered that Leverage EDU leaked extremely sensitive data due to the misconfiguration of their systems. With branches throughout India, the company has quadrupled its workforce since the pandemic and secured $22 million in funding from international investors. It runs offices in the UK and Australia.

Identity Theft 91

Identity Theft Education Banking Risk 91

McAfee

JULY 31, 2020

These come after another recent leak of source code from Nintendo, prompting us to comment on the issue of IP protection and secure development pipelines. . Mistakes like misconfiguration and accidental credential exposure will happen in the development process, which is where InfoSec teams need to step in.

InfoSec 52

InfoSec Passwords IoT Accountability 52

McAfee

DECEMBER 22, 2021

In this blog, we present an overview of how you can mitigate the risk of this vulnerability exploitation with McAfee Enterprise solutions. Threat Intelligence is critical to adapt security controls and gain an understanding of attacker techniques and active campaigns exploiting the vulnerability. MVISION Cloud.

Malware 98

Malware Risk Internet Internet 98

Security Affairs

MAY 13, 2023

The data breach was caused by a database misconfiguration that was accessible to anyone without authentication. The security breach impacted customers who used the company’s T-Connect G-Link, G-Link Lite, or G-BOOK services. ” Currently, the company is unaware of any abuse of the data exposed in the security breach.

Data breaches 93

Data breaches Authentication Internet Internet 93

Security Affairs

NOVEMBER 22, 2022

Let’s give a look at API vulnerabilities by reading the API Security Top 10 published by the Open Web Application Security Project (OWASP). It’s no secret that cyber security has become a leading priority for most organizations — especially those in industries that handle sensitive customer information. The result?

Authentication 121

Authentication B2B Accountability Digital transformation 121

Security Affairs

OCTOBER 30, 2020

Organizations and security incidents in Kubernetes environments, these are 5 key components of the control plane that demand special attention. Organizations are no strangers to security incidents in their Kubernetes environments. These are the kube-apiserver, etcd, kube-scheduler, kube-controller-manager and cloud-controller-manager.

Advertising 98

Advertising Internet Internet VPN 98